Limit access
We aim to give people and systems access only when their work requires it, and to remove access when it is no longer needed.
Security
Mental-health information deserves thoughtful protection. TalkDoc uses safeguards designed to reduce risk, limits access by role and purpose, and explains where different privacy rules apply.
No online service can promise perfect security. This page describes our approach, not a certification or a guarantee that an incident can never happen.
Our approach
We use administrative, technical, and organizational safeguards appropriate to the systems involved. Exact controls can differ by product and provider relationship.
We aim to give people and systems access only when their work requires it, and to remove access when it is no longer needed.
Care, scheduling, billing, support, and AI do not all use the same systems. We choose safeguards for the information and purpose involved.
We assess vendors, monitor our systems, investigate reported issues, and follow applicable notice requirements when an incident occurs.
Where our patient AI runs
When you message TalkDoc's AI assistant or use the patient AI companion in a visit, that work happens inside a locked-down environment we call IronEgg—a secure enclave whose memory is sealed off by the hardware itself. TalkDoc staff can't read what's processed inside it, and these conversations are not sent to outside AI companies. Before your device sends anything, it checks proof of exactly what software the enclave is running.
The enclave runs on confidential-computing hardware (Intel TDX on Google Cloud Confidential Space) that isolates its memory from everyone—including the cloud provider and TalkDoc's own engineers.
Your device verifies a signed hardware attestation—a fingerprint of the exact code running—before sending anything. If the code doesn't match the version we've approved and pinned, nothing is sent.
Answers come from a medically-tuned open model running inside the enclave itself. Your AI conversations aren't forwarded to third-party AI providers, and we don't use them to target ads.
Requests are encrypted end-to-end to the enclave. Its decryption keys are generated fresh at every boot, live only in protected memory, and are destroyed on shutdown.
This applies to the AI assistant and the in-visit patient AI companion in your TalkDoc account. Other services (like scheduling, billing, phone check-ins, and some clinician note-drafting tools) run on standard HIPAA-covered systems with Business Associate Agreements in place. This page describes what is and isn't covered—ask us and we'll walk you through it.
Clear boundaries
Licensed clinicians deliver care. Their Notice of Privacy Practices explains how protected health information is used and disclosed in the clinical setting.
TalkDoc operates technology used for accounts, scheduling, communication, and related services. Our Privacy Policy explains how TalkDoc handles information in its different roles.
The patient AI assistant and the in-visit patient companion run inside the sealed enclave described above. Other AI features—like some clinician note-drafting tools—use standard HIPAA-covered systems under Business Associate Agreements, not the enclave. AI does not independently diagnose, prescribe, or replace the clinician responsible for care.
Your account